palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

migrate pepe services to chungus

Browse source
This commit is contained in:
Ingolf Wagner 2023-05-05 22:33:05 +02:00
parent fdbc5679e8
commit 51bccd5b74
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
10 changed files with 170 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/components/network/tinc/private.nix
View file

@ -37,6 +37,7 @@ let
"tts.chungus" = hosts.chungus;
"tdarr.chungus" = hosts.chungus;
"sync.chungus" = hosts.chungus;
"flix.chungus" = hosts.chungus;
};
network = "private";
in

21
nixos/machines/chungus/configuration.nix
View file

@ -5,23 +5,26 @@
./hardware-configuration.nix
../../system/server
./disko-config.nix
./packages.nix
./tinc.nix
#./mail-fetcher.nix
#./hass.nix
#./zigbee2mqtt.nix
#./network-wireguard.nix
./network-tinc.nix
./hass.nix
./hass-zigbee2mqtt.nix
./hass-mqtt.nix
#./hass-wifi.nix
#./syncthing.nix
#./wifi-access-point.nix
#./mail-fetcher.nix
#./borg.nix
#./taskwarrior-pushover.nix
./tdarr.nix
#./jellyfin.nix
./media-share.nix
./media-tdarr.nix
./media-jellyfin.nix
#./wireguard.nix
# logging
./loki.nix

15
nixos/machines/chungus/hass-mqtt.nix Normal file
View file

@ -0,0 +1,15 @@
{ lib, ... }: {
services.mosquitto = {
enable = true;
listeners = [{
acl = [ "pattern readwrite #" ];
omitPasswordAuth = true;
settings.allow_anonymous = true;
}];
};
# open for tasmota
networking.firewall.allowedTCPPorts = [ 1883 ];
}

56
nixos/machines/chungus/hass-zigbee2mqtt.nix Normal file
View file

@ -0,0 +1,56 @@
{ pkgs, lib, config, private_assets, ... }:
{
imports = [ ./hass-mqtt.nix ];
services.zigbee2mqtt = {
enable = true;
dataDir = "/srv/zigbee2mqtt";
settings = {
# Home Assistant integration (MQTT discovery)
homeassistant = true;
# allow new devices to join
permit_join = false;
# MQTT settings
mqtt = {
# MQTT base topic for zigbee2mqtt MQTT messages
base_topic = "zigbee2mqtt";
# MQTT server URL
server = "mqtt://127.0.0.1:1883";
# MQTT server authentication, uncomment if required:
user = "zigbee";
password = lib.fileContents "${private_assets}/zigbee/home-assistant-password";
};
# Serial settings
serial = {
#port = "/dev/ttyACM0";
port = "/dev/ttyUSB0";
# disable LED of CC2531 USB sniffer
#disable_led = true;
};
# you own network key,
# 16 numbers between 0 and 255
# see https://www.zigbee2mqtt.io/how_tos/how_to_secure_network.html
advanced = {
network_key = import "${private_assets}/zigbee/networkKey.nix";
log_output = [ "console" ];
log_level = "warn";
pan_id = 1337;
# add last seen information
last_seen = "ISO_8601_local";
};
# configure web ui
frontend.port = 9666;
frontend.host = "0.0.0.0";
experimental.new_api = true;
};
};
}

16
nixos/machines/chungus/hass.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, lib, pkgs, ... }:
{
virtualisation.oci-containers = {
containers.homeassistant = {
volumes = [ "/srv/home-assistant:/config" ];
environment.TZ = "Europe/Berlin";
image = "ghcr.io/home-assistant/home-assistant:stable"; # Warning: if the tag does not change, the image will not be updated
extraOptions = [ "--network=host" ];
};
};
networking.firewall.allowedTCPPorts = [ 8123 ];
networking.firewall.allowedUDPPorts = [ 8123 ];
}

34
nixos/machines/chungus/media-jellyfin.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }:
{
services.jellyfin = {
enable = true;
openFirewall = true;
group = "media";
user = "media";
};
#hardware.opengl = {
# enable = true;
# driSupport = true;
# driSupport32Bit = true;
#};
services.nginx = {
enable = true;
virtualHosts."flix.${config.networking.hostName}.private" = {
serverAliases = [ "flix.${config.networking.hostName}" ];
extraConfig = ''
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
'';
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://localhost:8096";
};
};
};
}

28
nixos/machines/chungus/media-share.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, ... }:
{
# To set password:
# nix-shell -p samba --run "smbpasswd -a media"
custom.samba-share.enable = true;
custom.samba-share.private = {
media = {
folder = "/media";
users = "media";
};
temp = {
folder = "/srv/tdarr/transcode_cache";
users = "media";
};
};
users.groups."media".gid = config.ids.gids.transmission;
users.users."media" = {
uid = config.ids.uids.transmission;
group = "media";
};
services.permown."/media" = {
owner = "media";
group = "media";
};
}

24
nixos/machines/chungus/tdarr.nix → nixos/machines/chungus/media-tdarr.nix
View file

@ -1,28 +1,8 @@
{ config, lib, pkgs, ... }:
{
# To set password:
# nix-shell -p samba --run "smbpasswd -a media"
custom.samba-share.enable = true;
custom.samba-share.private.media = {
folder = "/media";
users = "media";
};
users.groups."media".gid = config.ids.gids.transmission;
users.users."media" = {
uid = config.ids.uids.transmission;
group = "media";
};
services.permown."/media" = {
owner = "media";
group = "media";
};
# https://docs.tdarr.io/docs/installation/docker/run-compose
virtualisation.oci-containers = {
# backend = "podman";
containers.tdarr = {
volumes = [
"/srv/tdarr/server:/app/server"
@ -39,8 +19,8 @@
inContainer = "true";
nodeName = "ServerNode";
TZ = "Europe/London";
PUID = toString config.ids.uids.transmission;
PGID = toString config.ids.gids.transmission;
PUID = toString config.users.users.media.uid;
PGID = toString config.users.groups.media.gid;
};
ports = [
"8265:8265" # WebUI

0
nixos/machines/chungus/tinc.nix → nixos/machines/chungus/network-tinc.nix
View file

9
nixos/machines/pepe/configuration.nix
View file

@ -7,8 +7,10 @@
./mail-fetcher.nix
./packages.nix
./hass.nix
./zigbee2mqtt.nix
#./hass.nix
#./zigbee2mqtt.nix
#./kodi.nix
./syncthing.nix
./tinc.nix
@ -32,7 +34,8 @@
./telegraf.nix
./home-display.nix
./tdarr.nix
#./tdarr.nix
];